in spark-on-eks/source/lib/cdk_infra/network_sg.py [0:0]
def __init__(self, scope: core.Construct, id: str, eksname: str, codebucket: str, **kwargs) -> None:
    """Create the VPC, the VPC-endpoint security group and the AWS service endpoints.

    Args:
        scope: Parent construct.
        id: Logical id of this construct.
        eksname: Prefix for the VPC's ``Name`` tag (``<eksname>EksVpc``).
        codebucket: Not referenced by any statement shown in this block.
        **kwargs: Forwarded unchanged to the parent constructor.
    """
    super().__init__(scope, id, **kwargs)

    # ============================= NETWORK =============================

    # VPC spread over two availability zones.
    vpc = ec2.Vpc(self, 'eksVpc', max_azs=2)
    core.Tags.of(vpc).add('Name', eksname + 'EksVpc')
    self._vpc = vpc

    # Security group that fronts the interface endpoints created below.
    # The only ingress rule admits TCP/443 from the VPC's own CIDR block;
    # egress is not set explicitly here, so ec2.SecurityGroup's default applies.
    endpoint_sg = ec2.SecurityGroup(
        self,
        'EndpointSg',
        vpc=vpc,
        description='Security Group for Endpoint',
    )
    endpoint_sg.add_ingress_rule(ec2.Peer.ipv4(vpc.vpc_cidr_block), ec2.Port.tcp(port=443))
    core.Tags.of(endpoint_sg).add('Name', 'SparkOnEKS-VPCEndpointSg')
    self._vpc_endpoint_sg = endpoint_sg

    # S3 gateway endpoint, routed from both the public and the private subnets.
    vpc.add_gateway_endpoint(
        "S3GatewayEndpoint",
        service=ec2.GatewayVpcEndpointAwsService.S3,
        subnets=[
            ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC),
            ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE),
        ],
    )

    # Interface endpoints, each attached to the endpoint security group above.
    # An ECR_DOCKER endpoint was present but commented out in the original
    # and is therefore not created here.
    interface_endpoints = (
        ("CWLogsEndpoint", ec2.InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS),
        ("AthenaEndpoint", ec2.InterfaceVpcEndpointAwsService.ATHENA),
        ("KMSEndpoint", ec2.InterfaceVpcEndpointAwsService.KMS),
    )
    for endpoint_id, service in interface_endpoints:
        vpc.add_interface_endpoint(endpoint_id, service=service, security_groups=[endpoint_sg])